China Says US Hacking Accusations Lack Technical Proof

Mike Fey, McAfee worldwide chief technology officer, discusses the rise in cyber attacks and weighs in on what the government can do to curb these threats.

Accusations by a U.S. computer security company that a secretive Chinese military unit is likely behind a series of hacking attacks are scientifically flawed and hence unreliable, China said on Wednesday.

The statement came after the White House said overnight that the Obama administration has repeatedly taken up its concerns about cyber-theft at the highest levels of the Chinese government, including with Chinese military officials.

The security company, Mandiant, identified the People's Liberation Army's Shanghai-based Unit 61398 as the most likely driving force behind the hacking. Mandiant said it believed the unit had carried out "sustained" attacks on a wide range of industries.

The Chinese Defence Ministry, which has already denied the charges, went further in a new statement, slamming Mandiant for relying on spurious data.

"The report, in only relying on linking IP address to reach a conclusion the hacking attacks originated from China, lacks technical proof," the ministry said in a statement on its website.

"Everyone knows that the use of usurped IP addresses to carry out hacking attacks happens on an almost daily basis," it added.

"Second, there is still no internationally clear, unified definition of what consists of a 'hacking attack'. There is no legal evidence behind the report subjectively inducing that the everyday gathering of online (information) is online spying."

As hacking is a cross-border, anonymous and deceptive phenomenon, by its very nature it is hard to work out exactly where hacks originated, the statement said.

Unit 61398 is located in Shanghai's Pudong district, China's financial and banking hub, and is staffed by perhaps thousands of people proficient in English as well as computer programming and network operations, Mandiant said in its report.

The unit had stolen "hundreds of terabytes of data from at least 141 organizations across a diverse set of industries beginning as early as 2006," it said.

Most of the victims were located in the United States, with smaller numbers in Canada and Britain. The information stolen ranged from details on mergers and acquisitions to the emails of senior employees, the company said.

But the Chinese Defence Ministry said China's own figures show that a "considerable" number of hacking attacks it is subjected to come from the United States.

"But we don't use this as a reason to criticize the United States," the ministry said.

However, the Global Times, a widely read tabloid published by Communist Party mouthpiece the People's Daily, said China should be more active in publicly airing its complaints about hacking attacks, especially as the United States does so.

"Some officials have been punished for internally reporting that government websites have been hacked and secrets leaked, but almost no details have come out," it wrote.

"The Americans really know how to talk this (issue) up. All China can do is concede defeat."